As the keynote speaker for the Winnik Forum, U.S. Federal Trade Commission (FTC) Commissioner Maureen Ohlhausen sat down with Christopher Wolf, Co-Director of Hogan Lovells’ Privacy and Information Management Practice to discuss the evolving role of the FTC as we enter an era of “Big Data” and the “Internet of Things.” Commissioner Ohlhausen offered her views on a flexible approach to protecting consumer data privacy as connected devices continue to evolve. As opportunities arise for additional potential uses of collected data, Commissioner Ohlhausen said organizations and policymakers should consider a “harms-based approach” in which new uses of data would be allowed as long as they do not cause consumer harm and as long as they remain consistent with earlier promises that organizations have made to consumers. The key for Commissioner Ohlhausen is that companies should disclose what data is being collected and keep the promises that they make to consumers about the collection and uses of that data. Continue Reading
During a November 13, 2014 hearing before the Digital Rights Commission of the French National Assembly, Jean-Marie Delarue, the head of France’s oversight Commission for National Security Interceptions (CNCIS) said that France’s 1991 law on national security wiretaps needed to be updated to better protect individuals. Currently, the CNCIS is consulted by the Prime Minister’s office before the implementation of national security wiretaps. According to Mr. Delarue, this system works well for wiretaps. But the collection of metadata falls largely outside this procedure. According to Delarue, a major overhaul of the 1991 law on national security wiretaps is needed to catch up with modern intelligence gathering techniques and to better reflect the case law of the European Court of Human Rights. According to Delarue, justifications for government invasion of privacy need to be narrowly defined by law. Broad justifications such as “fundamental interests of the nation” are too vague to withstand scrutiny under European constitutional principles. Continue Reading
At the heart of EU data protection law is the passionate belief in the right to privacy. Indeed, the Treaty of Lisbon has now recognised both privacy and data protection as fundamental rights under EU law. As fundamental rights, there is a sense in which the scope of privacy and data protection must be expanded to the furthest extent possible. Yet, like any other law, it must be clear when and where EU data protection rules apply and the applicable law provision in the current Data Protection Directive (Directive) has caused some headaches along the way. Whether the proposed new EU regime will prove to be a calming tonic remains to be seen.
Today’s technology pays no attention to geographic borders. What do Cloud Computing networks care about the Atlantic Ocean so long as the network is resilient and customers can access their data? Businesses typically structure their systems in order to provide the best commercial proposition which often (but not always) involves cross-border data transfers. Therefore, cross-border data transfers are a part of everyday business.
But businesses need to understand which laws apply to their operations to ensure compliance and avoid being chased by regulators or disgruntled customers. Unfortunately, the Directive’s provision concerning when it applies (found at Article 4) has not always provided much clarity. Continue Reading
Hogan Lovells’ leading Privacy and Information Management practice is due to have its largest presence ever at the forthcoming IAPP Europe Data Protection Congress taking place in Brussels from 18 to 20 November.
More than 20 lawyers from 7 offices will be attending and actively participating at this event, including:
- Eduardo Ustaran will teach the CIPP/E certification course on Tuesday 18 November.
- Chris Wolf will be delivering a lecture about his book “Viral Hate” at the Brussels Press Club on 18 November.
- Harriet Pearson will speak at the session “EU and U.S. Data Sharing—Can Tensions Be Resolved?” on Wednesday 19 November.
- Marcy Wilder will be moderating and Winston Maxwell will be speaking at the session “Quantified Self and Potential Regulatory Reform” on Wednesday 19 November.
- Eduardo Ustaran will join as a panelist the session on “One in a Billion—Max Schrems v. Facebook” on Thursday 20 November.
Please come and visit us at Booth 3.
The Alliance of Automobile Manufacturers and the Association of Global Automakers, the two leading trade associations for vehicle manufacturers, today unveiled a set of baseline protections for consumer’s personal information in the era of connected cars. The Privacy Principles for Vehicle Technologies and Services commit participating automakers to take important steps to protect the personal information retrieved from vehicles. Hogan Lovells was engaged by the Alliance to lead drafting of the Principles and a team led by Chris Wolf and including Tim Tobin and James Denvil worked on the project. Continue Reading
It should be standard practice for companies to review the transparency of material disclaimers and disclosures in their advertising before every ad campaign. However, some companies tend to pack material disclosures into fine print or otherwise minimize their significance. The Federal Trade Commission (FTC) recently signaled to companies that it is paying attention to print and television ad disclosures. This follows the FTC’s renewed attention to online advertising as addressed last year in its updated .com Disclosures guidance for digital advertising (for the summary by Hogan Lovells, click here). Continue Reading
Asia has seen a proliferation of new and stepped-up data privacy laws in recent years. Many of these laws draw from a common source in the APEC Privacy Framework, a principles-based document that shares origins with Europe’s Directive 95/46. But regional framework notwithstanding, these laws have been implemented with unique features and important nuances in each jurisdiction across the Asia region. Critically, these laws are now being enforced, with high profile data security breaches and enforcement action regularly hitting the headlines in Asia, as elsewhere. Data privacy issues are now board level issues in Asia. Our Data Privacy Regulation Comes of Age in Asia gives an overview of regional developments and features a “heat map” that compares and contrasts regulatory standards and the enforcement environment in Asia’s key jurisdictions.
In a recent client alert, partner Natalia Gulyaeva and associate Maria Sedykh from the Hogan Lovells Moscow Office joined associate Bret Cohen from the Hogan Lovells Washington, D.C. office to highlight key insights from the fifth annual conference on “Personal Data Protection” hosted by Roskomnadzor, Russia’s Data Protection Authority. Continue Reading
In an article published by <re/code>, Hogan Lovells Partner Christopher Wolf, working with Jules Polonetsky, Wolf’s co-chair at the Future of Privacy Forum, explores novel applications of Big Data in combatting discrimination and advancing civil rights. As highlighted by Wolf and Polonetsky, Big Data analytics has already begun empowering society to limit and remedy discrimination and follows the legacy of the Matthew Shepard and James Byrd Jr. Hate Crimes Prevention Act and the Hate Crime Statistics Act of 1990, which produce comprehensive statistics on hate crimes for law enforcement.
For Big Data: Putting the Heat on Hate, click here.
For “Big Data: A Tool for Fighting Discrimination and Empowering Groups,” a report prepared in partnership between the Anti-Defamation League and the Future of Privacy Forum to highlight early results from the use of Big Data in the field of civil rights, click here.
Data protection in South Africa is regulated under the broad constitutional right to privacy, the common law, and a few pieces of legislation that contained interim provisions relating to data protection. Until very recently, South Africa did not have data protection‑specific legislation.
With the increase in electronic commerce globally, large industries managing computerised databases of millions of individuals’ records and the surveillance potential of computer systems, prompt demands for specific rules governing the collection and handling of personal information arose. Commissioned in 2005 and completed in 2009, the South African Law Commission finalised an investigation into privacy and data protection in South Africa, with a recommendation that privacy and information protection be regulated by general statute. Continue Reading